Cybercrime has been global for years. So, what changed? It’s now more widespread. And, hackers are trying to exploit the global situation with COVID-19. Let’s zoom in on the alarming local consequences.
Long ago, robbers hid in a roadside ditch and jumped out when victims came walking along.
Now, they send your company a fake email that results in your files being held for ransom.
Robbers’ strategy: New.
Robbers’ goal: Same as always.
Our ancestors responded by learning to watch for robbers. In our modern times, we essentially have the same response.
Watching for robbers
Crooks’ assault on our banking system
“The COVID-19 pandemic has added fuel to the fire that cybercriminals exploited the crisis by launching further attacks. More than 18 million COVID-19-related malware and phishing emails get blocked every day through Google, while scammers were 400% more active online than they were earlier in the year. This summer, there were 12,377 cases of scams involving COVID.”
“A host of new threats and challenges have emerged since the COVID-19, including cyber-attacks, election security, data breaches, and wage fraud. As businesses find a way to create a new digital working environment, technology becomes more prevalent and more opportunities for attacks and hacking come along with it. Private company information is now transferred to more personal laptops – some of which do not have proper safetyware.” –contextualsecurity.com
Full original article at Contextual Security
Scope of the cybercrime
How bad is it?
Did you know Microsoft took down 50 hacker websites in 2019? ITProPortal reported the sites were linked to cyberattacks originating in North Korea.
“The attacks apparently came from a hacking group known as Thallium, which has been accused of being affiliated with the North Korean government.”
Investigators said the 50 domains were used for “spear phishing” attacks to steal personal data and upload malware to infect IT systems. Here at Realize, we have written about spear phishing in our blog.
It’s difficult to estimate how much damage could be done by 50 hacker websites, especially since these were run by experienced criminals.
Cybercrime targeting ordinary people
The Microsoft Threat Intelligence Center said the operation was designed to target employees of governments, international agencies, as well as university staff, mostly based in the U.S., Japan and South Korea. “The U.S.” is us, folks. Forbes magazine reported that “The hacking group appears to have been targeting government employees, university staff, those working on nuclear proliferation issues, as well as world peace and human right[s]. The majority of those targeted were based in the U.S. …”
But, these cybercriminals are targeting organizations of all sizes. That includes your small business far away from major ports and international markets.
Password policies
Lock out the cybercrime
1. Never use real words or names. Avoid doubling letters or numerals. Use a new password for each application (don’t recycle/reuse).
Password management software is a good investment. Due to competition, the free versions of some of these products block cybercrime very well.
One trait of society in the United States is a strong desire for convenience. Good, effective password policies are not convenient. Accept this fact. If we don’t accept this, hackers will use our desire for convenience against us.
Examples of passwords:
h9dT+-u8q?d+Atae (16 characters=strong, includes symbols and numbers, letters lowercase and uppercase, excludes similar characters, excludes ambiguous characters.)
‘aSZ*@ORwmeBo>]J (16 characters=strong, includes symbols but not numbers, letters lowercase and uppercase, may include similar or ambiguous characters.)
For customized help with this, ask your technologist or Managed Services Provider. You can ask Realize Information Technology.
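The password rules in this section (no real words or names, no doubled characters, a new password per application) can be enforced in code. The following is an added example, not part of the original post: the similar and ambiguous character sets, the 16-character minimum taken from the examples above, and all function names are assumptions.

```python
import secrets
import string

# Assumed definitions; the page names these categories but does not list them.
SIMILAR = set("il1Lo0O")
AMBIGUOUS = set("{}[]()/\\'\"`~,;:.<>")
MIN_LENGTH = 16  # assumption: length of the page's "strong" examples


def char_classes(digits=True, symbols=True):
    """Return one string per required character class, look-alikes removed."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if digits:
        classes.append(string.digits)
    if symbols:
        classes.append(string.punctuation)
    drop = SIMILAR | AMBIGUOUS
    return ["".join(c for c in cls if c not in drop) for cls in classes]


def has_doubled(pw):
    """True if any character is immediately repeated (e.g. 'tt', '00')."""
    return any(a == b for a, b in zip(pw, pw[1:]))


def generate(length=MIN_LENGTH, digits=True, symbols=True):
    """Draw from the OS CSPRNG; retry until every class appears, no doubles."""
    classes = char_classes(digits, symbols)
    pool = "".join(classes)
    while True:
        pw = "".join(secrets.choice(pool) for _ in range(length))
        if not has_doubled(pw) and all(set(pw) & set(c) for c in classes):
            return pw


def check(pw, wordlist, already_used):
    """Return which rules `pw` breaks (an empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if has_doubled(pw):
        problems.append("doubled character")
    if any(w.lower() in pw.lower() for w in wordlist):
        problems.append("contains a real word or name")
    if pw in already_used:
        problems.append("reused")
    return problems
```

`wordlist` and `already_used` are supplied by the caller; in practice the word list would be a dictionary file plus company and staff names, and reuse tracking is the job of the password manager.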
Firewall, Anti-Malware Software
2. Intricacy is part of security. Cybercrime thieves may use many ways of finding flaws in your armor. As a result, security software has multiple layers. Instead of trying to do all this on your own, invest in good software.
Think about it this way: Security companies who offer software have deep resources. They use security specialists with knowledge far beyond average, and likely beyond local resources. It would cost a pile of money to hire such a specialist to enhance the security in your offices. But, the firewall or anti-malware software they put on the market reduces that cost to folks like you. As a result, the market works in your favor.
Choose wisely when purchasing. If you have a technologist available, start with her/him. If you want to branch out, pick about three tech review sites and compare. In Google (or Bing or DuckDuckGo) type the following search terms …
“firewall” “small business” “reviews”
The quote marks tell the search engine to return results without omitting any of the three terms. That resulted in a page full of links leading to reviews!
Train to be stakeholders
3. Crooks on the web are trying to exploit human behavior. So, we must train to change our own behavior, and no longer be vulnerable. When we look at past break-ins, they usually occur due to simple mistakes. This happens to employees and managers. Although rank has advantages, it does not grant immunity from hackers.
Managers must remember that training programs are most effective when they are persuasive. Forcing instructions down someone’s throat will hurt morale. The wiser option is to open a dialog with employees in training. Make sure your employees see how they benefit from improved cybersecurity. “You get to keep your job” is not a benefit; it’s just a threat.
Most importantly, a stakeholder receives a benefit for work that goes beyond money. Improving your personnel management will ensure all employees feel like stakeholders.
Training should also include crisis response, like the current situation with the coronavirus pandemic. Realize Information Technology owner Jeff Woods reports that Tulsa-area businesses must be proactive.
“We are receiving numerous alerts that hackers are attempting to exploit the fear and panic from the COVID-19 outbreak,” Woods said in a blog post.
Cybercrime is global; you can push back
- Encrypt and back up data
- Stay ahead by backing up data and storing it separately
- Invest in cyber security insurance
- Seek specialist advice for cyber security insurance
- Create a security-focused workplace culture
- Educate staff on the dangers of unsecured networks
- Teach avoidance of unsecured websites
- Discourage password sharing
- Restrict network admin rights
- Use robust anti-malware and firewall software
- Use software in conjunction with education
- Protect against the threat of an attack
–https://www.entrepreneur.com/article/316886
Related ideas:
- Work toward a greater understanding of how hackers get in. Most intrusions involve leveraging human nature. They know your staff is busy and may be prone to error. They know some employees are not proficient with technology. And, they know many password policies are either flawed or not enforced.
- Gain freedom from negative ideas that limit your defense. Example: every potential problem need not be your headache. There is reasonably-priced software to handle much of the security load. From basic user tools to enterprise-level firewalls; you have options.
- Earn a better reputation as you outsmart intruders. A successful hacker will not only hurt you internally, but any public disclosure could cause customers to mistrust you.
Conclusion
● The gist of this post is empowerment. Have you ever seen a news report about women who have been assaulted being taught self defense? That training is not just about physical combat. It’s also about having a belief system built on confidence.
● Being proactive is your best defense against cybercrime. Don’t listen to anyone who promotes a do-nothing approach. As smart as hackers are, you have the capacity to match them.